Password & Authentication Policy
1. Introduction
PagerTree is committed to safeguarding the confidentiality, integrity, and availability of systems and data entrusted to us by our customers. Strong authentication practices are an essential part of our security program and help protect against unauthorized access, account compromise, and data breaches.
This Password & Authentication Policy describes the requirements for creating, using, and protecting authentication credentials at PagerTree.
2. Scope
This policy applies to:
- All PagerTree employees, contractors, and authorized third parties
- All systems and applications that access, store, or process PagerTree data
- All company-managed devices and cloud services requiring authentication
3. Password Requirements
3.1 Password Creation
To promote secure access:
- All passwords must meet a minimum length requirement of 12 characters (longer passphrases are strongly encouraged)
- Passwords must be unique and may not be reused across systems, personal accounts, or third-party services
- Passwords must avoid predictable patterns, personal information, or commonly compromised passwords
- Default or vendor-supplied passwords must be changed immediately upon system deployment
- Where supported, systems use password dictionaries or deny-lists to block weak or compromised passwords
3.2 Multi-Factor Authentication (MFA)
PagerTree requires MFA wherever technically feasible, including:
- Administrative accounts
- Cloud services
- Remote access
- Access to production systems
MFA may include TOTP apps, hardware tokens, or equivalent secure factors.
3.3 Password Rotation
PagerTree follows modern security standards that prioritize strong, unique passwords and MFA over frequent password changes.
However, in cases where password rotation is required (e.g., privileged accounts, regulatory requirements):
- System-level and administrative passwords are rotated at least quarterly
- Passwords suspected of compromise must be changed immediately
4. Password Protection
To ensure the continued secrecy of authentication credentials:
- Passwords must not be shared with anyone, including coworkers or supervisors
- Passwords must not be transmitted via email, chat, or other insecure channels
- Passwords must not be stored unencrypted or written down in accessible locations
- Password “hints” must not reveal the structure or contents of a password
- Credentials must not be embedded in scripts, code repositories, or automated login processes
- Browser “remember password” features should not be used for administrative or sensitive accounts
- Company-managed devices that access PagerTree systems must use a device password, PIN, or biometric control and automatically lock after a short period of inactivity
PagerTree provides secure password management tools where appropriate.
5. Compromised Passwords
If a user believes a password has been compromised:
- The password must be changed immediately
- The incident must be reported to the PagerTree Security Team at security@pagertree.com
- The Security Team will assess the scope, revoke active sessions where necessary, and take remediation actions
6. Enforcement
PagerTree expects all personnel to follow this policy as part of their responsibility to maintain a secure environment.
Violations may result in:
- Revocation of access
- Disciplinary action
- Contract termination for third-party partners
7. Review and Maintenance
This policy is reviewed at least annually or whenever significant changes occur to authentication technologies, regulatory requirements, or PagerTree operations.
For questions regarding this policy or PagerTree’s security practices, please contact security@pagertree.com.